Compliance

This week, House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) unveiled their bipartisan, bicameral discussion draft of the American Privacy Rights Act (APRA draft).[1] Chair Rodgers’ and Chair Cantwell’s announcement of the APRA draft surprised many congressional observers after comprehensive privacy legislation stalled in 2022.Continue Reading April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024?

On 2 April 2024, the Italian Data Protection Authority (Garante) announced that on 21 March 2024, it issued a warning to Worldcoin Foundation regarding its intention to collect biometric data (via iris scanning) for digital identification, claiming that such data processing would violate the Regulation (EU) 2016/679 (GDPR).

Worldcoin Foundation supports the Worldcoin project, launched in 2019 by Sam Altman, the CEO of OpenAI LLC (OpenAI). The project is based on iris scanning to verify the identity of users and on linking such processing to the “financial instrument” market, specifically the cryptocurrency called WLD. The iris is scanned by a biometric device named Orb, which scans the face and iris of users to create a unique identification code (the so-called “World ID”) worldwide for each user. The Orb is not yet available in many countries (and is not offered in the EU).Continue Reading The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Issues Privacy Guidelines for Children’s Online Safety | Privacy World

China Finalizes New Regulations to Relax Personal Data Exports

On 28 March 2024, Singapore’s Personal Data Protection Commission (Commission) published a set of advisory guidelines on the applicability of the Personal Data Protection Act (PDPA) on children’s personal data in the digital environment (Guidelines)[1].

What is the Ambit of the Guidelines?

The Guidelines are intended to clarify how Singapore’s comprehensive data protection legislation, the PDPA, including its provisions and obligations imposed on relevant organisations, apply to children’s personal data in the digital environment. More specifically, they apply to organisations whose online products or services are “likely to be accessed by children”.Continue Reading Singapore Issues Privacy Guidelines for Children’s Online Safety

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Finalizes New Regulations to Relax Personal Data Exports from China | Privacy World

Squire Patton Boggs Lawyers to Present

Nearly six months after the Cyberspace Administration of China (CAC) was first introduced for public consultation, with its draft regulations proposing to ease outbound data transfers from China (Draft Regulations) (see our article at China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers | Privacy World), the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024 (New Regulations). The New Regulations largely repeat the Draft Regulations, but now have further relaxed personal data exports from China.

Meanwhile, on the same day, the CAC also released the Guide to the Application for Security Assessment of Data Exports (Second Edition) and the Guide to the Filing of the Standard Contract for Personal Data Exports (Second Edition) (collectively, the Second Edition Guides) which make corresponding adjustments pursuant to the New Regulations.Continue Reading China Finalizes New Regulations to Relax Personal Data Exports from China

Our lawyers are well known for thought leadership across many platforms, and that tradition continues over the coming weeks. Please join us at these upcoming events to hear the latest trends, updates and insights within the global Data Privacy realm. For more information, contact the presenters or your relationship attorney.

“Best Practices to Leading Post-Cyber Incident Forensic Investigations and Understanding Litigation Implications Surrounding Forensic Reports”
Thursday, March 28 | 2:30 pm – 4:40 pm ET | Webinar

Given the proliferation of litigation stemming from cybersecurity incidents, organizations need to understand how legal teams direct forensic investigations in order must ensure forensic reports align with anticipated litigation scenarios. A forensic report is normally prepared by a cybersecurity firm following a thorough investigation into the nature and scope of a company’s cybersecurity incident. A report will generally identify areas in which a company’s IT infrastructure was not compliant with best practices, regulations and/or industry standards, or whether a third-party vendor is responsible for the gap in a company’s IT infrastructure – all evidence that could substantiate future legal claims, either if a company wants to go on the offensive or if the company must defend itself.

Join Colin Jennings, Katy Spicer and Meghan Quinn for this free CLE accredited webinar to better understand how to effectively lead a post-cyber incident forensic investigation and related discovery implications.

Register for free by using the promotional code “SquirePattonBoggs24”.Continue Reading Squire Patton Boggs Lawyers to Present on Several Upcoming Webinars and Events

On January 15, 2024, the American Arbitration Association (“AAA”) introduced updates to its Mass Arbitration Supplementary Rules and its fee schedules, including for consumer mass arbitrations (collectively referred to as the “Updates”). The Updates consist of a flat initiation fee to lower the cost of initiating arbitrations, the new requirement of counsel to affirm that

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to

In February 2023, Spain implemented Directive (EU) 2019/1937 (although it did not become fully applicable until December of that year) by means of Law 2/2023, of February 20, 2023, regulating the protection of persons who report regulatory violations and the fight against corruption (the “Law”). The Law, which requires all public and private organizations (with more than 50 employees or simply operating in certain sectors, even if they have fewer employees) to implement a whistleblowing system, has raised some doubts from a data protection perspective.Continue Reading Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data